1. Field
The present invention relates to a device management system and a method of controlling the same.
2. Related Art
Device management (DM) is being developed as an international standard based on the synchronization markup language (SyncML), which is a data synchronization standard of the Open Mobile Alliance (OMA). OMA DM defines various specifications related to a device management protocol, a device management document expression, transmission protocol binding, a device description framework (DDF), and a notification.
Basically, in order to manage devices, a DM server transmits a command to a device with a DM client installed therein, and the DM client in the device performs operations according to the received command and reports the result thereof to the DM server.
The DM server transmits a notification message to the device with the DM client (the DM client device) to request the device to access the DM server. Then, the DM client of the device performs authentication using information included in the notification message to determine whether or not the access request of the DM server is legitimate. The structure of the notification message is defined in the DM notification specification in the OMA standard.
FIG. 1 is a diagram illustrating a structure of such a notification message sent from the DM server to the DM client device according to OMA DM.
As shown in FIG. 1, the notification message 1 comprises a digest field 3 for authentication, a trigger header field 5 for storing device control information, and a trigger body field 7 for storing control codes to control a device such as a DM client device.
The digest field 3 is allocated 128 bits according to the OMA standard. A digest 9 is calculated using message digest algorithm 5 (MD5) and is inserted into the digest field 3. MD5 is an algorithm used to authenticate data integrity and is defined in IETF RFC 1321. The equation for calculating the digest (“Digest” below) is shown below.
Digest calculating equation:
Digest = H(B64(H(server-identification:password)):nonce:B64(H(trigger)))
H: MD5 hash function
B64: Base 64 MIME encoding format
As shown above, the digest 9 is calculated by applying predetermined factors to the MD5 Hash function. The predetermined factors are a server-identifier, a password, the values of the trigger header field 5 and the trigger body field 7 in the notification message 1 except the digest field 3, and a nonce value.
The nonce value is a random number for encoding data when a server and a client set up a session and communicate with each other through the session. A DM client uses the nonce value included in the digest 9 to establish a session with the server in order to communicate with the server through the established session. If an error is generated in the nonce value because session setup failed or data was omitted, the server and the client fail to match each other. Such a phenomenon is called a stale nonce.
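The digest equation and the stale-nonce mismatch described above, as an added example that is not part of the original document. The message layout (16-byte digest field first, then the trigger header and body), the UTF-8 encoding of the credentials, and all sample values are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

DIGEST_LEN = 16  # the 128-bit digest field


def md5(data: bytes) -> bytes:
    """H in the equation: MD5 (RFC 1321)."""
    return hashlib.md5(data).digest()


def notification_digest(server_id: str, password: str, nonce: bytes, trigger: bytes) -> bytes:
    """Digest = H(B64(H(server-id:password)):nonce:B64(H(trigger)))."""
    cred = base64.b64encode(md5(f"{server_id}:{password}".encode("utf-8")))
    trig = base64.b64encode(md5(trigger))
    return md5(cred + b":" + nonce + b":" + trig)


def build_notification(server_id, password, nonce, trigger) -> bytes:
    """Server side: digest field followed by trigger header and body (assumed layout)."""
    return notification_digest(server_id, password, nonce, trigger) + trigger


def verify_notification(message, server_id, password, nonce) -> bool:
    """Client side: recompute the digest over everything except the digest field."""
    if len(message) <= DIGEST_LEN:
        return False
    received, trigger = message[:DIGEST_LEN], message[DIGEST_LEN:]
    expected = notification_digest(server_id, password, nonce, trigger)
    return hmac.compare_digest(received, expected)  # constant-time comparison


def demo() -> dict:
    # Constructed sample values, not taken from any real deployment.
    server_id, password = "dm.example.test", "constructed-secret"
    trigger = bytes.fromhex("0102030405060708") + b"constructed-body"
    server_nonce = b"nonce-0002"  # nonce the server currently holds
    stale_nonce = b"nonce-0001"   # client missed the update: stale nonce
    msg = build_notification(server_id, password, server_nonce, trigger)
    return {
        "in_sync": verify_notification(msg, server_id, password, server_nonce),
        "stale_nonce": verify_notification(msg, server_id, password, stale_nonce),
        "tampered": verify_notification(msg[:-1] + b"X", server_id, password, server_nonce),
    }


if __name__ == "__main__":
    print(demo())
```

With a stale nonce the client cannot distinguish a legitimate notification from a forged one, because both fail the same digest check.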
In a DM system according to the related art, if the stale nonce occurs while performing authentication using the digest 9 of the notification message 1, a DM client tries to access a DM server after determining whether or not the access request of the DM server is legitimate by setting the nonce value to a default value of 0x0000000, or the DM client tries to access the DM server regardless of whether the authentication succeeded or failed. That is, a denial of service (DoS) attack occurs.
As described above, when the DM clients receive a notification message from the DM server, the DM clients that failed in the session matching with the DM server constantly try to access the DM server even though the authentication using the digest has failed. As a result, the related art DM has the problem of the denial of service attack.